In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
CPE | Name | Operator | Version |
---|---|---|---|
postgresql | lt | 13.10.0 | |
postgresql | ge | 14.0.0 | |
postgresql | lt | 14.7.0 | |
postgresql | lt | 12.14.0 | |
postgresql | lt | 15.2.0 | |
postgresql | ge | 15.0.0 | |
postgresql | ge | 13.0.0 | |
postgresql | ge | 12.0.0 |